Traditional security frameworks provide a plurality of resources, such as files and devices, and define a set of users or groups with certain permissions related to those resources. For example, user “joe” may belong to group “users” on a system, such as a Unix-workalike or a Windows-based system. Joe may have both read and write access to his “home” directory, and as a member of the group “users,” may also have read-only access to certain system resources such as system drivers.